socgholish | 454af8e19b47f6bd7958a412e002c39225f8f93bf5c13b62ad7aaf8f59659846

Analysis

max time kernel
117s
max time network
138s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
12/03/2025, 19:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_6cbd4256ba1051b50ef802c873666e3f.html
Size

76KB
MD5

6cbd4256ba1051b50ef802c873666e3f
SHA1

19c6b2e2d2953a587b4a1fd4672dbde9985ad956
SHA256

454af8e19b47f6bd7958a412e002c39225f8f93bf5c13b62ad7aaf8f59659846
SHA512

49f29b07760fec3b5fde5bada90c2e757d285d023529cd686730bbe48d0a78fcdf8fcedc8422314b73c196b9f5174532cab0acd71660e84c083ed0ab4da3fab8
SSDEEP

1536:Np5pBowzHFkZvNu1z1seeeebBHI/9snth/:Np5pBoelYBu9snth/

Score

10^/10

socgholish discovery downloader

Malware Config

Signatures

SocGholish
SocGholish is a JavaScript payload that downloads other malware.
downloader socgholish
Socgholish family
socgholish

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{72275EB1-FF75-11EF-807F-4E1013F8E3B1} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "447968405"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2528	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2528	iexplore.exe
2528	iexplore.exe
2920	IEXPLORE.EXE
2920	IEXPLORE.EXE
2920	IEXPLORE.EXE
2920	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2528 wrote to memory of 2920	2528	iexplore.exe	30
PID 2528 wrote to memory of 2920	2528	iexplore.exe	30
PID 2528 wrote to memory of 2920	2528	iexplore.exe	30
PID 2528 wrote to memory of 2920	2528	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_6cbd4256ba1051b50ef802c873666e3f.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2528
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2528 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2920

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
71KB

MD5
83142242e97b8953c386f988aa694e4a

SHA1
833ed12fc15b356136dcdd27c61a50f59c5c7d50

SHA256
d72761e1a334a754ce8250e3af7ea4bf25301040929fd88cf9e50b4a9197d755

SHA512
bb6da177bd16d163f377d9b4c63f6d535804137887684c113cc2f643ceab4f34338c06b5a29213c23d375e95d22ef417eac928822dfb3688ce9e2de9d5242d10

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
bf0a28d8e2726e9813c441463e5e4092

SHA1
ca7cd2dcc426cc30b5c4abdc5b3419225f2a18d1

SHA256
673caeeebcb73ab05f7884d05c7cd00e087f2a363926c1f95cc4689311ec12ae

SHA512
5603a3df2b125127395e7cc763ff9c8a29c003d11a37152356ad11514a497b68251d24a21d7f8c7851e4b927acb6f28de3da89522070b62fd1fa6b78db91f8db

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9b241e0264b7e884498653603d5eb836

SHA1
2b10bbba2847d52d1024869c795f7b1c399425f4

SHA256
ded1e60d3a2cad76e2a318352ef27d094a847b982eca343375d9da53be722f1b

SHA512
efb6e35c89f5741158f68f2f9579d8005d29608f097cb693f1116b1f8f2a0227c62e9bfc18d4dfaba0d84891d7155e054a4f44c33ed9ce212dc6af217a67f454

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6c096f9b76694276822f7a30f7b3f906

SHA1
d4f557049edc9342729a0579fa6183345d3462da

SHA256
ea36b0e52a2662c07e5d67acbd5e245953e777c7f974b91d259fad2e8c3f497f

SHA512
2a74b7fca21f4a56244998450f4af2bc9756935686bba8a3ca95336fc595296d719b9ca6885fe584a8fe9d1008660f0ba198dd3cbfa349ce5abfd152379e0aa7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
244e8a5fd405c3d8dfde8b0d05094c00

SHA1
45981685fc6d4bb5d16f20d7bd77cbf8280423e5

SHA256
079afda62829c41e090d772908ee05a7704b64079f0785742c7ee4d51139eb80

SHA512
5762e98695d1baad8640ae1608d6c34c5388ef86ea455154fc5c511a777868f1b34d3328759d530015e143ff8e51d2a350bff63f05fe2831232e94ee85cebf78

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c01b626e2103b35e993ecb646ec3ad8f

SHA1
109a01010a672d949891b1bffd8e426248f818c0

SHA256
6b9b9af78d36cfb29fa5641ab4048009f9b94a79a63b1f7b1f95fcef72aea720

SHA512
2015a99424b884398df916e9cbfb4dea30d379dfdacd43d4df6818df324982aa0657ce2f07083e7f67ceb4a606cc91708fdad015f75e8ae57a858811efc9d631

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ed298486d1b470442e6088bcb4ec67a3

SHA1
01a48eaaaec2ce5ed246d906e9415063d6062f8a

SHA256
ed5e4dc5cca24c337f0e825c69415d625108e7866a96242c08be56ca8d9edd00

SHA512
b39c72b9a258c6f7b8e4428bdcb511edb56be1015d4c03f9681225c349a852d4d38eac9d346e02ea65f7200bd6262ebeedcb14a49f64f296e5b5a57c7f7c8e7e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2014a3c046aeb9c64622ca412f51165f

SHA1
c46b7d577661967449c3b01b0bd02a16428d035f

SHA256
16262f4f8a890e5e38387b67e0e0c11a8d2735b63312393dadc38e70015e2cb4

SHA512
7cbd11ddc2a609d2d62d8bfe786b58bcd998367f55c593add0aae762bbdb2be3a4aaff7faef91b6b9c7c72dbe12fc93a08ac2bdf549841ad445308ac647dc2f0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7adb8c19ae5da4e715d4c1f326260219

SHA1
810d5f05893f381c1b1a01b190fcbd2f0fbeae87

SHA256
283e6b564069a63d7b9287886552e0e01f34d097c76f3871862da90d7f2b2893

SHA512
d94b070ed8f750f0281454ae2f32f8b3b56c88655d1b519d2e0af8064c67835c15cec2507dd025a43cc28f42145b3adbc58782752c5bda82341df73c8a31fa84

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
571e078815312ce50172f3202c446a66

SHA1
23f56f9876783ec01a2bdcc982efd584cd5460b0

SHA256
4a620c43d6208ee0fe5b74447334d60eab227f01cff7dd537920d9cafc2c237f

SHA512
ac4237c5bfa0f503ce27dd20ee364dc53de9544ed6d934357056cafe7614869f90d8a97e7cd94b9c587066e4fd3d3b1e670735d976823eaf84072bf4b8cb75b5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3c143fe0321c32116a650a22c4cd2ef4

SHA1
922763b367f07cfa64da8502af188b0954324797

SHA256
fa8d94df0567eb3337ce21586fc29e5960364e0818088b18d955748df10d175d

SHA512
755f560debc1feec098af9f4d4bc204cf7be89cf1c84b3eb0dcd570467c8d2067be593587e1fb40c1a151f8ee469664bd9602821e291703fa2a2cf039d253028

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3895860d585ad956851cb3d167da5f04

SHA1
6a9dbb2b07b4d6dba202305db1dffafdcac72014

SHA256
22b52e7f8dd88e030f417c92d8c7c0f9b6b7a51d85279322da2c2947f0c47f82

SHA512
54e4128819f1c6fe31ff1e2a163aba3f18964fa41dd5f8a644360e96255ecb9ddaa6747a942497fac99cd49ec3df458d763b515b7c57680f27dc02b093896c71

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7ac10130bdadf095ec794bc01b2343b1

SHA1
0be027dd92e3de38f1f825818b71a2d2ec1634e5

SHA256
c4f1a7396196b17f1b799cb82f0a579d83498a7e45bef86514bf12784f822b38

SHA512
fa3381f7875f8d7f79d3332ba7f2341f9b0a65023d289bf2f5a94ced251633e641574507d42ce01669cbf59996817b329380e709c4bdf14ae5251e4ae7212572

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
042826debdee2f5bd9ee5eaf35fa5334

SHA1
e2d5701804a2ed1f17b002d882b4f2dedf7f3fc4

SHA256
e08693580f9d5659e58eafc0b04f18d986829d6ff0791d39511ca53f3670367a

SHA512
65bbcfbb14eca58f797374e9ff836fc7ddc1d2c8176df9d9bacaf9b88510c0348d073c95bc2bdd5e2240c57f71a3e015bc4cc71b4c467ca4519a4359d071b6d3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
03644268e0c68ba24dc61349d09f2786

SHA1
15ad3f2531a99f514ff765665152002a61cdeafc

SHA256
b16d32be672e3e36136033f053ff8d0d5c87970090b4f96d4c75646f9ff5a57b

SHA512
b5915aaa8130ff97b4e70e1bf48fdff033fbc3c305cf83f29092b7efac1200aa89d95aebfa518e7134cbb53057ef7ab7d06e122d948b35ac66a14940b858b759

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RLHRIIGD\plusone[1].js

Filesize
62KB

MD5
43d200107e4d6c19adfc009a2a7da6c2

SHA1
067dc4f8f48d441c9d6f128dcd04bd115fb2a548

SHA256
1dddfe339de1b225b6d370473a98170fefdf374ce3a58d89ffbce25e2cbb6f48

SHA512
f36b03ffe70d74fb25796ab083daac2ef41bbf61d45bf13ef2136841c1f082b903f8cdb89f81cf851c176a94ac60e6a8b5e91d3d160c1615a01557bdc656cb8c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab292.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar295.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar4BD.tmp

Filesize
183KB

MD5
109cab5505f5e065b63d01361467a83b

SHA1
4ed78955b9272a9ed689b51bf2bf4a86a25e53fc

SHA256
ea6b7f51e85835c09259d9475a7d246c3e764ad67c449673f9dc97172c351673

SHA512
753a6da5d6889dd52f40208e37f2b8c185805ef81148682b269fff5aa84a46d710fe0ebfe05bce625da2e801e1c26745998a41266fa36bf47bc088a224d730cc

Download Submit